From ${URL} :

It was discovered that the NSS files backend in glibc could corrupt data while it was read from files such as /etc/passwd or /etc/hosts, returning incorrect data to the application, potentially disclosing information or leading to escalation of privilege.

External references:
https://sourceware.org/bugzilla/show_bug.cgi?id=17079

Upstream commit:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac60763eac3d43b7234dd21286ad3ec3f17957fc

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
this is in the glibc 2.22 ebuild already and will be in 2.22-r1 when unmasked
@toolchain, I doubt this can be cleaned up, but as usual will check with the project. Can it? Thanks.
cleanup of glibc/binutils/gcc packages should be left to the toolchain team. it's not the same as other packages.
(In reply to SpanKY from comment #3)
> cleanup of glibc/binutils/gcc packages should be left to the toolchain team.
> it's not the same as other packages.

Yes, that was the intent of the comment. Asking if the toolchain team can clean up the vulnerable ebuilds.
This issue was resolved and addressed in GLSA 201702-11 at https://security.gentoo.org/glsa/201702-11 by GLSA coordinator Thomas Deutschmann (whissi).